In the spring of 2007, government computer systems in Estonia experienced a sustained cyberattack that has been labeled by various observers as cyberwarfare, cyberterror, or cybercrime. On April 27, officials in Estonia moved a Soviet-era war memorial commemorating an unknown Russian who died fighting the Nazis. The move stirred emotions and led to rioting by ethnic Russians and the blockading of the Estonian Embassy in Moscow. The event also marked the beginning of a series of large and sustained distributed denial-of-service (DDoS) attacks launched against several Estonian national websites, including government ministries and the prime minister’s Reform Party.[1]

In the early days of the cyberattack, government websites that normally receive around 1,000 visits a day reportedly were receiving 2,000 visits every second. This caused the repeated shutdown of some websites for several hours at a time or longer, according to Estonian officials.[2] The attacks, which flooded computers and servers and blocked legitimate users, were described as crippling, owing to Estonia’s high dependence on information technology but limited resources for managing its infrastructure. Security experts say that the cyberattacks against Estonia were unusual because the rate of the packet attack was very high, and the series of attacks lasted weeks, rather than the hours or days more commonly seen for a denial-of-service attack.[3] Eventually, NATO and the United States sent computer security experts to Estonia to help recover from the attacks, to analyze the methods used, and to attempt to determine the source of the attacks.

Initially, the Russian government was blamed by Estonian officials for the cyberattacks, and there were charges of cyberwarfare. Other observers argued that the cyberattack involved collusion between the Russian government and transnational cybercriminals who made their large botnets available for short-term rent, either to individuals or to larger groups. They argue that as the rented time expired, the intensity of the persistent cyberattacks against Estonia also began to fall off.[4] However, not all security experts agree, and it remains unclear whether the cyberattacks were sanctioned or initiated by the Russian government, or if a criminal botnet was actually involved.

After some investigation, network analysts later concluded that the cyberattacks targeting Estonia were not a concerted attack, but instead were the product of spontaneous anger from a loose federation of separate attackers. Technical data showed that sources of the attack were worldwide rather than concentrated in a few locations. The computer code that caused the DDoS attack was posted and shared in many Russian-language chat rooms, where the moving of the war memorial was a very emotional topic for discussion. These analysts state that although access to various Estonian government agencies was blocked by the malicious code, there was no apparent attempt to target national critical infrastructure other than internet resources, and no extortion demands were made. Their analysis thus far concluded that there was no Russian government connection to the attacks against Estonia.[5]

In January 2008, a court in Estonia convicted and fined a local man for bringing down a government website, as part of the extended cyberattack in 2007. The 20-year-old, who is apparently an ethnic Russian Estonian, used his home PC to carry out the attack. The investigation continues, and so far, he is the only person convicted for participating in the cyberattack against Estonia.[6]

"Because Estonia is a member of NATO and the European Union, this event exposed how unprepared those organizations may have been to respond to a cyberattack against a member state. Had Estonia invoked NATO's Article V collective security provision, doing so would have raised several thorny questions about what kind of attack triggers those alliance obligations. The fact that the cyberattack was targeted at a member state and prompted an official state response was complicated by the inability to identify the aggressor. Moreover, the attack did no physical damage, and in the end did no permanent damage to Estonia's web-based infrastructure. The damage was measurable only in terms of short-lived commercial losses."[7]